Mattias Pilroth | Principal OT Security Architect

The Coverage Trap

Sun, 29 Mar 2026 00:00:00 +0000

OT security programs are built around coverage. Coverage is measurable, auditable, and procurable. Frameworks can be specified against it, vendors can map products to it, and auditors can verify it. What coverage does not measure is whether the controls address the conditions under which these environments actually fail.

The divergence between coverage and resilience is not a recent development. It is the product of industry conditions that shaped how the discipline emerged, which frameworks it reached for, and what it was organized to demonstrate. Those conditions have not resolved.

Silent Degradation in OT Systems

Sun, 22 Mar 2026 00:00:00 +0000

Long-lifecycle OT systems do not hold their commissioning state.

Sustained operation is not evidence of operational stability.

These systems drift. Configuration diverges from documentation. Temporary changes become permanent. Redundant paths fail one at a time without crossing the threshold that forces escalation. Diagnostic channels decay. Ownership weakens at the interfaces between systems, teams, and vendors. The environment continues to run while its actual condition moves away from the condition operators believe they are maintaining.

Why OT Infrastructure Appears Static

Sun, 22 Feb 2026 00:00:00 +0000

Industrial control systems in chemical plants, refineries, and generating stations appear static to IT and cybersecurity teams. Systems stay in service for decades. Patch levels lag. Legacy platforms outlive vendor support. Change is slow and frequently deferred.

From outside the operating context, this looks irrational. Inside the fence, it is a rational response to consequence, liability, validation limits, and funding mechanics. The inertia follows from the constraints that determine what change the plant can safely absorb.